
FTP Security Disaster

7323 Views, 33 Replies. Latest reply: May 3, 2007 3:31 AM by tobias Eichner
R Bryan Harrison Level 2 (210 points)
Apr 20, 2007 4:41 PM
It seems that either the 10.4.9 Server Upgrade or the recent security update has disastrously altered the behavior of FTP in my configuration.

While FTP users are still sent to their home directories at logon, they're now free to CWD to get above those directories.

Worse, FTP now apparently perceives "/" as being the root level of the boot drive of the server, rather than the FTPRoot configuration in the Server Admin app. This gives FTP users inappropriate access to files that are outside of any sharepoint.

These behaviors persist unchanged even if I unshare everything - i.e., FTP users have all this access even if there are no sharepoints configured. Given the default o=rx configuration of many of the directories at "/" in a conventional X Server installation, this is a nightmare.

Server Admin's "Advanced" settings for FTP now seem to have no effect whatsoever. Ironically, this means it's impossible to provide FTP users any access whatsoever to sharepoints. It makes no difference what I set up - the behaviors described above persist. I can even specify user home directories outside of any sharepoint and FTP will provide access to them. Failure to specify a home directory dumps the user at the root level of the server's boot drive, not the FTPRoot. My only control over any of it is to turn FTP off entirely, which of course I have, much to the distress of my users.

I note that the normal creation of symbolic links in "/Library/FTPServer/FTPRoot" has been somehow suspended. Nothing ever happens, regardless of how I change settings.

I don't use anonymous FTP, and so have no idea how that would impact this mess.

As I'm sure is obvious, I'm now way beyond my expertise. Questions, suggestions... anything at all would be welcome.

Thanks,
Bryan
G5 DP 2.5 ghz, etc., Mac OS X (10.4.9), OS X Server 10.4.9
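A way to check a server for the behaviour Bryan describes (an added example, not code from this thread or from Apple): log in as an ordinary FTP user, record the banner, issue CWD / and list what comes back, then decide whether that listing is the boot volume's root rather than an FTPRoot or a home directory. The host and account come from the command line; the set of "real root" marker names and the two sample listings are assumptions constructed for the example, and the probe is read-only.

```python
"""Added example: probe an FTP account for the chroot escape described above.

Not code from the thread. The marker directory set and the two sample
listings are constructed assumptions; the live probe is read-only
(PWD, CWD, NLST) and makes no attempt to fetch files.
"""
import ftplib
import sys

# Entries that sit at "/" of a stock Mac OS X installation and would not
# plausibly be a share point or a user's home (assumed marker set).
REAL_ROOT_MARKERS = frozenset({
    "System", "bin", "sbin", "usr", "etc", "private", "var",
    "mach_kernel", "cores", "dev", "tmp",
})

# Constructed sample replies to NLST after "CWD /".
SAMPLE_BROKEN = [  # post-update ftpd: "/" is the boot volume
    "Applications", "Library", "System", "Users", "bin", "cores", "dev",
    "etc", "mach_kernel", "private", "sbin", "tmp", "usr", "var",
]
SAMPLE_FIXED = [   # reverted xftpd, "home dir with shares": "/" is the home
    "Desktop", "Documents", "FTPRoot", "Library", "Public", "Sites",
]


def assess(root_listing, threshold=2):
    """Classify an NLST of "/" as the real root or a jail.

    Returns {"escaped": bool, "markers": [...]}; "escaped" is True when at
    least `threshold` marker names show up, which a jail rooted at a home
    directory or an FTPRoot full of share-point links should never produce.
    """
    markers = sorted(set(root_listing) & REAL_ROOT_MARKERS)
    return {"escaped": len(markers) >= threshold, "markers": markers}


def probe(host, user, password, timeout=15):
    """Log in, try CWD /, list it and assess the result. Read-only."""
    ftp = ftplib.FTP()
    ftp.connect(host, 21, timeout=timeout)
    banner = ftp.getwelcome()      # shows whether tnftpd or xftpd answered
    ftp.login(user, password)
    home = ftp.pwd()               # where the account lands at login
    ftp.cwd("/")
    root = ftp.pwd()               # what the server now calls "/"
    try:
        listing = ftp.nlst()
    except ftplib.error_perm:      # some servers answer 550 for an empty dir
        listing = []
    ftp.quit()
    result = assess(listing)
    result.update({"banner": banner, "home": home, "root": root,
                   "listing": listing})
    return result


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: ftp_chroot_probe.py HOST USER PASSWORD")
    r = probe(*sys.argv[1:])
    print("banner:", r["banner"])
    print("home at login:", r["home"], " '/' resolves to:", r["root"])
    print("real-root markers seen:", ", ".join(r["markers"]) or "none")
    print("VERDICT: " + ("ESCAPED - users see the boot volume" if r["escaped"]
                         else "jailed as expected"))
```

Run it once against the affected server and once after reverting the launchd job; the banner line also answers the "tnftpd or xftpd?" question asked later in the thread. The marker threshold is deliberately two, so a single share point that happens to be named like a system directory does not trip it.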
  • Joakim Hartmann-Petersen
    Apr 21, 2007 12:39 AM (in response to R Bryan Harrison)
    Hi

    I have other problems (http://discussions.apple.com/thread.jspa?threadID=933299&tstart=0), and I just tested, and I also have the same problems you are having (on 2 different servers).

    So far, I can see that /System/Library/LaunchDaemons/ftp.plist has changed from using the program xftpd to using the program ftpd.

    I tried yesterday to change the plist and it seemed OK, but the new one (ftpd) was quicker so I reverted. BUT your discoveries will make me change the plist file back to pre 2007-004 security update.

    Or perhaps make all the config files that ftpd expects to find in /etc/ (try man ftpd).

    This is my pre 2007-004 security update ftp.plist:

    # cat pre.2007-004.ftp.plist
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.apple.xftpd</string>
        <key>Program</key>
        <string>/usr/libexec/xftpd</string>
        <key>ProgramArguments</key>
        <array>
            <string>xftpd</string>
            <string>-a</string>
        </array>
        <key>Sockets</key>
        <dict>
            <key>Listeners</key>
            <dict>
                <key>SockPassive</key>
                <true/>
                <key>SockServiceName</key>
                <string>ftp</string>
                <key>SockType</key>
                <string>SOCK_STREAM</string>
            </dict>
        </dict>
        <key>inetdCompatibility</key>
        <dict>
            <key>Wait</key>
            <false/>
        </dict>
    </dict>
    </plist>

    The biggest disaster is that Apple wrote that the change from lukemftpd to tnftpd wasn't an issue on OS X Server (perhaps they meant something other than what I understood).
  • Zach Marano
    Apr 21, 2007 12:39 AM (in response to R Bryan Harrison)
    The security update caused this behavior on MacOS X Server. I have 7 servers that run FTP services for various reasons and they are all affected. I have had to shut off FTP until I can figure out a fix. Hopefully Apple comes out with a fix in short order.
    MacBook Pro 15", Mac OS X (10.4.9)
  • Joakim Hartmann-Petersen Level 1 (15 points)
    Apr 21, 2007 1:02 AM (in response to Joakim Hartmann-Petersen)
    I have changed to the old plist. ACL (see my original thread) works and you can't cd / (well, you can, but you get what you expect - the root of your home).

    I think everything is back by that change. I will however revert back just before the next update, to see if Apple has put the error right again.

    One thing I'm missing now: the logging to the ftp.log file. The new tnftpd could log login/transfer etc. to ftp.log, but the pre-security-update one can't.
    Anybody?
  • Zach Marano Level 1 (0 points)
    Apr 21, 2007 1:53 AM (in response to Joakim Hartmann-Petersen)
    Changing the ftp.plist file is a great solution. Thanks for that. I was already trying to create an ftpd.conf file in /etc to get ftpd working correctly. However, I wasn't having any immediate success. In any case, it seems like it was an oversight by Apple to only create one security update for both OS X 10.4.9 client and server. They are not equal. I hope nothing else was taken down as well.
    MacBook Pro 15", Mac OS X (10.4.9)
  • Bryan K. Vines
    Apr 21, 2007 4:34 PM (in response to Joakim Hartmann-Petersen)
    Thanks, you're a lifesaver. I've been wrestling for the past couple of hours with this issue. I was migrating from Server 10.3.9 to Server 10.4.x, and I applied all the updates to get it to 10.4.9 before I noticed the FTP issue.

    I thought it was just me. Fortunately I have more than one 10.4.x server handy; the other two are running 10.4.8.

    Now that I think about it though, this is the second time to my knowledge that Apple has broken FTP. The last time was back in the 10.2 days, and it broke file sharing via FTP on 10.2.x client computers.

    Anyway, thanks a bunch for posting that message. I've adjusted the ftp.plist to use xftp again, and all is well.

    --
    Bryan Vines

    Lots of Macs
  • Daniel Sofer
    Apr 22, 2007 3:57 PM (in response to Zach Marano)
    I don't consider editing the plist file a RESOLUTION of this topic.

    - For one, while it does solve the root access problem, it still does not get users back into their Home Directory only. The Server Admin settings are still ignored.

    Apple, me and my 150 paying web hosting customers are hoping you fix this soon.

    Thanks,
    Daniel Sofer
    Hermosawave Internet
    Xserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9), Tiger and Panther Server
  • webjedi
    Apr 22, 2007 6:17 PM (in response to R Bryan Harrison)
    Yes, this is a disaster. All the share points listed are poof gone. I can only suggest SFTP to folks now since this functionality is busted, which is NOT good.

    I would have expected an update to the Admin Tool for the server side if they were making such a drastic change.

    Personally, I'm seeing that I will now despise the iPhone due to what it's done to QA resources for OS X. This, I think, is the result. (Great, and an October release of Leopard... psssh.)

    Anyhow, I have yet to try the plist fix, but I'm thinking of trawling through the man page for the new FTP server to fix this issue. I'll keep you all posted.
    G5, Mac OS X (10.4.9)
  • webjedi Level 1 (0 points)
    Apr 22, 2007 7:17 PM (in response to webjedi)
    Yeah, there isn't a "resolution" here.

    I think we're looking for why the ftpd is not accessing and utilizing files found here:

    /Library/FTPServer/Configuration

    ftpaccess is one of the big ones, since this is what defines a major part of the functionality the ftpd server will follow, including permissions.

    According to the tnftpd man page, it's looking for this:

    FILES
    /etc/ftpchroot             List of normal users whose root directory should be changed via chroot(2).
    /etc/ftpd.conf             Configure file conversions and other settings.
    /etc/ftpusers              List of unwelcome/restricted users.
    /etc/ftpwelcome            Welcome notice before login.
    /etc/motd                  Welcome notice after login.
    /etc/nologin               If it exists, displayed and access is refused.
    /var/run/ftpd.pids-CLASS   State file of logged-in processes for the tnftpd class `CLASS'.
    /var/run/utmp              List of logged-in users on the system.
    /var/log/wtmp              Login history database.


    None of which exist after the update. Apple, what hast thou wrought?
    G5, Mac OS X (10.4.9)
  • Joakim Hartmann-Petersen Level 1 (15 points)
    Apr 22, 2007 10:04 PM (in response to Daniel Sofer)
    Well, it works here. Did you just change the program name, or did you revert to the original ftp.plist? (Hint: there are more changes than just the name.)
    I have just tried changing the SA->FTP-> Advanced and tried all 3 options.
    FTP root and share points: FTP user started in home dir. CD / gave shares (FTP root is below one of the shares).
    Home Dir With Shares: FTP users started in home dir. CD / still gave home dir, and there was the link to FTPRoot where my shares were.
    Home Dir only: FTP user started in home dir and there was an FTPRoot link, but it didn't point anywhere (was left over from the previous test).

    I can't see what's missing.
    Please clarify
  • Daniel Sofer Level 1 (65 points)
    Apr 23, 2007 8:57 AM (in response to Joakim Hartmann-Petersen)
    Joakim, Bryan:
    Thanks for the responses.
    I replaced my ftp.plist with yours and now the ftp won't start from the Server Admin, yet an ftp service is running.

    I'll take another look soon.

    Daniel
    Xserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9)
  • Joakim Hartmann-Petersen Level 1 (15 points)
    Apr 23, 2007 9:07 AM (in response to Daniel Sofer)
    Hi,
    Did you restart the server after the change?
    The FTP server only disappeared after a restart.

    What greeting did the ftp server give you (tnftpd?)

    bye,
  • Daniel Sofer Level 1 (65 points)
    Apr 23, 2007 11:03 AM (in response to Joakim Hartmann-Petersen)
    Hi Joakim:
    Yes after I restarted, the mystery ftp server disappeared

    After poking around with many iterations of the plist file, I was able to get the FTP server working properly again.

    I think my problems were:
    -- Copying your plist from the discussions page and pasting directly into the terminal -- when I pasted into BBEdit first, removed your comment line, reflowed and saved, and then pasted into terminal > pico -- it was happier.
    -- Trying to start the server with the Server Admin instead of rebooting the entire server.

    Okay, I can exhale now! Thanks for your help.

    Daniel Sofer
    Hermosawave Internet
    Xserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9)
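The revert that Joakim, Bryan Vines and Daniel arrive at above (swap ftp.plist back to the xftpd job, then restart) can be scripted so the plist is generated rather than pasted from a web page, which is the step that bit Daniel. The following is an added example, not code from the thread or from Apple: it rebuilds exactly the job definition Joakim posted with plistlib, verifies what is on disk, and reloads the job. Using launchctl unload/load instead of a full reboot is an assumption (Daniel needed a reboot; if launchctl does not take, reboot), the backup file name is made up, the "new ftpd" job used for the negative check is a stand-in, and the code assumes Python 3 (Tiger shipped an older Python, so generate the file on another machine and copy it over if need be).

```python
"""Added example: write the pre-2007-004 ftp.plist with plistlib and reload it.

Not code from the thread. The job definition is the one Joakim posted;
using launchctl unload/load rather than a full reboot, and the backup file
name, are assumptions. Run as root on the affected 10.4.9 server only.
"""
import os
import plistlib
import shutil
import subprocess
import tempfile

FTP_PLIST = "/System/Library/LaunchDaemons/ftp.plist"
BACKUP = FTP_PLIST + ".post-2007-004"        # assumed backup name


def xftpd_job():
    """The launchd job Tiger Server used before the update: xftpd -a, started
    inetd-style (Wait=false, one process per connection) on the 'ftp' port."""
    return {
        "Label": "com.apple.xftpd",
        "Program": "/usr/libexec/xftpd",
        "ProgramArguments": ["xftpd", "-a"],
        "Sockets": {
            "Listeners": {
                "SockPassive": True,
                "SockServiceName": "ftp",
                "SockType": "SOCK_STREAM",
            }
        },
        "inetdCompatibility": {"Wait": False},
    }


def write_job(path, job):
    # plistlib emits the XML form launchd reads; generating it avoids the
    # paste-from-the-web mangling Daniel ran into.
    with open(path, "wb") as fh:
        plistlib.dump(job, fh)


def read_job(path):
    with open(path, "rb") as fh:
        return plistlib.load(fh)


def uses_xftpd(path):
    """True when the job at `path` launches xftpd rather than the new ftpd."""
    job = read_job(path)
    return (job.get("Program") == "/usr/libexec/xftpd"
            and job.get("ProgramArguments", [])[:1] == ["xftpd"])


def restore_xftpd(plist_path=FTP_PLIST, backup_path=BACKUP):
    """Back up the current job, stop it, install the xftpd job, start it."""
    if os.geteuid() != 0:
        raise PermissionError("must run as root to edit " + plist_path)
    shutil.copy2(plist_path, backup_path)
    subprocess.run(["launchctl", "unload", "-w", plist_path], check=True)
    write_job(plist_path, xftpd_job())
    subprocess.run(["launchctl", "load", "-w", plist_path], check=True)
    return uses_xftpd(plist_path)


def self_check():
    """Round-trip the job through temp files and return what came back."""
    tmpdir = tempfile.mkdtemp()
    good = os.path.join(tmpdir, "ftp.plist")
    write_job(good, xftpd_job())
    # Stand-in for the post-update job (label and arguments assumed, only
    # the Program name comes from the thread).
    bad = os.path.join(tmpdir, "ftp-new.plist")
    write_job(bad, {"Label": "com.apple.ftpd", "Program": "/usr/libexec/ftpd",
                    "ProgramArguments": ["ftpd"]})
    return {"job": read_job(good), "good_is_xftpd": uses_xftpd(good),
            "bad_is_xftpd": uses_xftpd(bad)}


if __name__ == "__main__":
    print("restored, now using xftpd:", restore_xftpd())
```

After running it, `uses_xftpd(FTP_PLIST)` should report True, and a fresh FTP login should greet with the xftpd banner rather than tnftpd; keep the backup so the change can be undone before the next Apple update, as Joakim intends to do.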